AWS ID Format
The AWS ID is transparent to CloudCenter. If AWS returns a longer instance ID, the CloudCenter platform accepts this AWS ID as is. While the Java string does not have a length limit, the database schema is limited to 255 characters.
CloudCenter AMI Details
If you need to share CloudCenter AMIs, contact CloudCenter Support with the following information:
- AWS account number
- Customer ID (CID)
With Multiple Volumes configured when deploying the application on AWS, users have the option to select pricing by using the On-Demand Instance.
Identity and Access Management (IAM) Role and Security Token Service (STS) are supported by the CloudCenter platform.
These two features are dependent on the CCO being launched (and establishing a trust relationship in AWS) using an IAM role. See http://docs.aws.amazon.com for additional details.
To use IAM roles, you must launch the CCO VM using the admin role so you can use the IAM role at any point in the future. Launching a CCO VM with the admin role allows you to use either the IAM role or the classic key/secret key access at any time.
For IAM role-based accounts, the CloudCenter platform requires the EC2fullAccess role (minimum requirement). If you use the CloudCenter RDS out-of-box service, your account also requires RDSfullAccess.
The CloudCenter platform requires that you launch a PaaS service using a non-IAM cloud account.
You cannot launch an AWS PaaS service using an IAM cloud account!
Instead of specifying the access key and secret key and so forth, you can manage instance types by using an IAM role. By default, this feature is disabled and you must explicitly enable the IAM role by toggling this button to ON when you configure an AWS Cloud.
Tips to use IAM roles in the CloudCenter platform:
- You can launch RDS instances using IAM role-based accounts if you meet the following requirements:
  - If a Docker container is not part of the CCO, then you must assign the Docker container VM to the same IAM role as the CCO server.
  - Be sure to attach the following sts:GetFederationToken custom policy to IAM roles (with RDSfullAccess):
- You can assign an AWS ARN in the instance profile field in the Deployment Environments form by adding the iam:PassRole permission to the role used to launch the CCO VM.
Configuring an AWS Instance
To set up the CloudCenter database to be an RDS instance, see Configuring an AWS Database.
When you configure 100 GB of disk space, you may only get a 20 GB VM. This is because CloudCenter only used the in earlier CloudCenter releases. You can attach one ephemeral disk if you configure a larger size in the instance type (see for additional context).
Root Volume Size
An optional Instance Profile field is available when you configure Environments or set the Deployment Environment Defaults. If you configure this field, provide the Amazon Resource Name (ARN) used for the Instance Profile configured in your AWS Cloud account.
If you specify the Instance Profile name, the CloudCenter platform launches VMs within the IAM role that is associated with the corresponding instance profile.
To successfully launch the AWS cloud account (using either an IAM role or the account secret key), you must have the required permission to pass the IAM role associated with the specified instance profile.
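A pre-deployment check for the sts:GetFederationToken and iam:PassRole requirements described above, as an added example that is not CloudCenter or AWS code. It evaluates a constructed policy document for the role used to launch the CCO VM and also reports when iam:PassRole is granted on every role instead of only the role behind the instance profile; the account ID, role names and federated user name are placeholders.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # placeholder account ID, constructed for this example
APP_ROLE = f"arn:aws:iam::{ACCOUNT}:role/app-tier-role"  # hypothetical role behind the instance profile
OTHER_ROLE = f"arn:aws:iam::{ACCOUNT}:role/unrelated-role"  # probe for over-broad grants
FED_USER = f"arn:aws:sts::{ACCOUNT}:federated-user/cloudcenter"  # hypothetical federated user

# Constructed policy for the role used to launch the CCO VM.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:GetFederationToken", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": APP_ROLE},
]}
# Constructed policy with the same intent, but PassRole covers every role.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sts:*", "iam:PassRole"], "Resource": "*"},
]}

def listed(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def hit(stmt, action, resource):
    # Action names match case-insensitively; ARNs match case-sensitively.
    act = any(fnmatchcase(action.lower(), a.lower()) for a in listed(stmt.get("Action", [])))
    res = any(fnmatchcase(resource, r) for r in listed(stmt.get("Resource", [])))
    return act and res

def allows(policy, action, resource):
    """Explicit Deny wins, otherwise any matching Allow grants the action.
    Simplification: Condition, NotAction and NotResource are not evaluated."""
    effects = {s["Effect"] for s in listed(policy["Statement"]) if hit(s, action, resource)}
    return "Allow" in effects and "Deny" not in effects

def audit(policy, instance_profile_role):
    """Return findings for the CCO launch role; an empty list means it passes."""
    findings = []
    if not allows(policy, "sts:GetFederationToken", FED_USER):
        findings.append("missing sts:GetFederationToken")
    if not allows(policy, "iam:PassRole", instance_profile_role):
        findings.append("cannot pass the instance profile role")
    if allows(policy, "iam:PassRole", OTHER_ROLE):
        findings.append("iam:PassRole is not scoped to the instance profile role")
    return findings

if __name__ == "__main__":
    for name, policy in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, audit(policy, APP_ROLE) or "ok")
```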
If the application VMs run in isolated networks (like Amazon's VPC), be sure to set up a proper NAT rule (only outgoing is needed) to allow application VMs to connect to RabbitMQ. See Per CloudCenter Region Installation (Required) > AMQP for additional context.
The CCM instance that interacts with the CloudHSM server must reside inside the same VPC as the CCM. See CloudHSM for additional context.
Refer to https://aws.amazon.com/articles/0639686206802544 for additional context.
CloudCenter ELB Representation
AWS allows either internal or internet-facing ELBs, and they are associated with the subnets that the instances will be on. The CloudCenter platform uses this information by allowing you to select internal or external within each ELB tier of the CloudCenter application profile. From there, the subnet for the ELB is determined by where the application tier instances are instantiated.
Refer to the Amazon Documentation for additional context.
Availability Zones and Sets
UI: See the Availability Sets and Zones.
Description: Details about the AWS Network Interface Cards (NICs) configuration. See for additional details. The concept of in AWS is mapped to the subnet, as you can have multiple subnets for each zone. So you must provide the list of subnets as the input for an availability set. During an API job deployment, the availability set input is provided as part of the NIC information. To be more specific, the first NIC contains this information as a comma-separated subnet list, as shown in the example.
- Description: The network identifier for each required tier.
- Type: String
Required (if configured in your application profile)
- Description: Identifies the allocation strategy used to configure the NIC for an AWS cloud
- Type: Enumeration
Enumeration and description:
- DHCP (default): This strategy allows the IP to be allocated by the DHCP server to the instance on server boot up. This IP address is not known prior to server boot up.
- Pre-allocate IP: This strategy allows the cloud infrastructure IP allocation to be dynamically provided before the server boots up. This strategy is specific to the following OpenStack applications:
  - CISCO CSR1000: Configuration drive file IP populated with the pre-allocated IPs known before server boot up.
  - CISCO F5 Load Balancer: Multiple NIC support.
- Static IP (only CloudCenter 3.x): This strategy allows the customer to provide the IP address. As this IP address may or may not be available to the server (based on the availability), you must perform adequate checks to ensure IP availability before using this strategy.
- Description: The number at which a resource is to be attached. When updating a phase, use this order to re-order the resource to a different position in the array of resources.
- Type: Long
Required (if configured in your application profile)
- Description: The type of network for this NIC. A corresponding list of domains is attached to each option.
Enumeration and description:
- NETWORK: A private network that supports IP ranges which overlap with another private network.
- BRIDGE_DOMAIN: A set of logical ports that share the same flooding or broadcast characteristics. Used for ACI environments.
Example 1: Using DHCP allocation mode
Example 2: Using Static IP allocation mode
Example 3: Using IPv6 Address
When allocating firewall rules, CloudCenter supports IPv6, in addition to IPv4, addresses in the source for app profile, tenant, and security profiles. When you assign IPv6 addresses, the CloudCenter platform validates the security rule source before accepting the IPv6 address. This support is restricted to AWS and OpenStack clouds. If you provide an invalid IPv4 or IPv6 address, the CloudCenter platform rejects the deployment as invalid. See IP Allocation Mode for additional details.
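A local pre-flight check that catches invalid rule sources before a deployment is submitted, as an added example that is not CloudCenter's own validation logic. It assumes each source is written as a single address or a CIDR block, uses only the Python standard library, and additionally reports sources that match every address; the sample sources are constructed.

```python
import ipaddress

# Constructed sample sources, as they might appear in a security rule.
SAMPLE_SOURCES = [
    "10.1.2.0/24", "2001:db8:abcd::/48", "2001:DB8::1",
    "10.0.0.5/24",    # host bits set below the /24 mask
    "2001:db8:::1",   # malformed IPv6 (triple colon)
    "300.1.1.1",      # octet out of range
    "::/0",           # valid, but matches every IPv6 address
]

def parse_source(source):
    """Return the source as an IPv4Network/IPv6Network, or None if invalid."""
    try:
        # strict=True also rejects CIDRs whose host bits are set; this is a
        # choice made for this example, stricter than plain syntax checking.
        return ipaddress.ip_network(source.strip(), strict=True)
    except ValueError:
        return None

def preflight(sources):
    """Sort rule sources into accepted (normalized), rejected and world-open."""
    report = {"accepted": [], "rejected": [], "world_open": []}
    for source in sources:
        net = parse_source(source)
        if net is None:
            report["rejected"].append(source)
            continue
        report["accepted"].append(str(net))
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            report["world_open"].append(str(net))
    return report

if __name__ == "__main__":
    for bucket, values in preflight(SAMPLE_SOURCES).items():
        print(f"{bucket}: {values}")
```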
Example 4: Using Multiple NICs
AWS supports multiple NICs across subnets in the same availability zone.